The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available from the CVE link inthe References section.

Subversion (SVN) is a concurrent version control system which enables oneor more users to collaborate in developing and maintaining a hierarchy offiles and directories while keeping a history of all changes. Themod_dav_svn module is used with the Apache HTTP Server to allow access toSubversion repositories via HTTP.

A NULL pointer dereference flaw was found in the way the mod_dav_svn moduleprocessed certain requests to lock working copy paths in a repository. Aremote attacker could issue a lock request that could cause the httpdprocess serving the request to crash. (CVE-2011-0715)

Red Hat would like to thank Hyrum Wright of the Apache Subversion projectfor reporting this issue. Upstream acknowledges Philip Martin, WANdisco,Inc. as the original reporter.

All Subversion users should upgrade to these updated packages, whichcontain a backported patch to correct this issue. After installing theupdated packages, you must restart the httpd daemon, if you are usingmod_dav_svn, for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released erratarelevant to your system have been applied.